Latest Files for Download

June 11, 2012

SOC 2 has the potential to unify the risk assurance industry by consolidating multiple audits, standards, and compliance requirements under one umbrella engagement. However, if the market is allowed to define anything as internal controls over financial reporting (ICFR), SOC 2 is destined to fail...

June 11, 2012

“Given the time left in this legislative session and the upcoming election this fall, we are concerned that the window of opportunity to pass legislation that is in our view critically necessary to protect our national and economic security is quickly disappearing,” the letter states...

June 05, 2012

Action is required by all organizations to secure their SCADA networks as part of the effort to protect the nation’s critical infrastructure. The President’s Critical Infrastructure Protection Board and the Department of Energy have developed steps to help organizations improve SCADA security...

June 05, 2012

This document reprises the definition of cloud computing, describes cloud computing benefits and open issues, presents an overview of major classes of cloud technology, and provides guidelines and recommendations on how organizations should consider the opportunities and risks of cloud computing...

June 04, 2012

“A public health model encompasses several interesting concepts that can be applied to internet security. As use and reliance on the Internet continues to grow, improving Internet health requires all ecosystem members to take a global, collaborative approach to protecting people from potential dangers online”...

June 04, 2012

Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches...

June 01, 2012

This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of response teams and similar facilities by country, but also contains a catalog of co-operation, support and standardization activities related to them...

May 24, 2012

This discussion paper explores the idea of a healthy, resilient – and fundamentally more secure – cyber ecosystem of the future, in which cyber participants, including cyber devices, are able to work together in near‐real time to anticipate and prevent cyber attacks...

May 17, 2012

This bulletin highlights how the portability and remote connectivity of medical devices introduce additional risk into Medical IT networks and failure to implement a robust security program will impact the organization’s ability to protect patients and their information...

May 16, 2012

A business does not need to be located in the PRC to fall victim to espionage. This problem includes old-fashioned spying outside of China, sometimes by a classic sleeper agent or by a PRC-owned or invested firm that assesses, develops, and recruits an agent inside your firm...

May 11, 2012

“Internet crime is a growing problem that affects computer users around the world and causes significant financial losses. The IC3 is an efficient mechanism for the public to report suspicious e-mail activity, fraudulent websites, and Internet crimes...”

May 09, 2012

To assist in the important task of developing and maintaining a successful national cyber security strategy, ENISA is developing a Good Practice Guide which will present good practices and recommendations on how to develop, implement and maintain a cyber security strategy...

May 08, 2012

Cyber attacks have increased significantly in number and sophistication resulting in the Federal Government and private sector partners expanding their cybersecurity efforts. US-CERT reported an over 650-percent increase in the number of incidents reported by federal agencies...

May 07, 2012

Federal systems are increasingly at risk to both intentional and unintentional security risks introduced into their supply chain. The document provides a set of 10 practices intended to help federal departments and agencies manage the risk associated with the ICT supply chain...

May 03, 2012

NIST is currently implementing and enhancing the Randomness Beacon. NIST will make the prototype available as a service to promote research, development, and demonstration of cryptographic security protocols that assume the availability of a trusted source of randomness...

May 01, 2012

There are many methods of defense that admins use to block access to their sites or to parts of a site's functionality. Among such methods are the use of CAPTCHAs and blocking by IP. But not all such methods are reliable enough, and there are ways to bypass them...